source: https://www.securityfocus.com/bid/6035/info
MyMarket is prone to cross-site scripting attacks.
HTML tags and script code are not sanitized from CGI variables which may cause user-supplied input to be displayed. As a result, an attacker can create a link to a site running the vulnerable software which contains malicious attacker-supplied HTML and script code.
When this link is visited, the attacker-supplied code will execute in the user's web client in the security context of the site hosting the software.
http://www.example.com/templates/form_header.php?noticemsg=<Script>javascript:alert(document.cookie)</Script>
